The UK National Security and Investment Bill: Strengthening scrutiny of investment in the UK and introducing the UK’s first mandatory notification regime

On 11 November 2020, the UK Government introduced the National Security and Investment Bill (the Bill) to the House of Commons, in a much-anticipated move to bolster its powers to review investments affecting UK national security.

The Bill has been introduced in the context of the Government’s 2015 National Security Risk Assessment, which found that threats to national security were on the rise, and that concerns over, in particular, critical national infrastructure and technology were mounting. The COVID-19 pandemic has also brought fresh focus to the critical importance of healthcare to national security; a factor also reflected in the EU’s new FDI Screening Regulation and the European Commission’s related guidance.

While the government currently has the power to scrutinize foreign investment based on public interest considerations under the Enterprise Act 2002, such powers only apply where a transaction also meets the UK merger control thresholds on turnover and share of supply, save for in relation to very tightly defined special public interest cases. The Bill will provide new powers for the government to “call-in” transactions, if they involve certain “trigger events” and raise a reasonable suspicion of a risk to national security, regardless of whether the transaction meets turnover or share of supply thresholds.

Mandatory notification

Currently, the UK FDI notification regime under the Enterprise Act 2002 is entirely voluntary, but the Bill will introduce the first mandatory notification obligation in certain sectors. The government has launched a consultation, closing on 6 January 2021, identifying the key sectors in which transactions would require mandatory notification and requesting feedback on the proposed definition of each. The 17 key sectors are as follows:

1. Advanced materials;
2. Artificial intelligence;
3. Autonomous robotics;
4. Civil nuclear;
5. Communications;
6. Computing hardware;
7. Critical suppliers to government;
8. Critical suppliers to emergency services;
9. Cryptographic authentication;
10. Data infrastructure;
11. Defence;
12. Energy;
13. Engineering biology;
14. Military or dual-use technologies;
15. Quantum technologies;
16. Satellite and space technologies; and
17. Transport

Certain transactions in these sectors will require mandatory notification, even if they involve the acquisition of just 15% or more of voting rights/shares.

Government “call-in” powers and the voluntary regime

Transactions outside of the mandatory regime may still be “called-in” by the government if they meet certain “called trigger events”, such as the acquisition of 25% or more of the voting rights/shares of an entity. Importantly, the geographical reach of the draft Bill is very wide, with non-UK targets coming into scope if they carry on activities, or supply goods/services to persons, in the UK. Whilst this definition may be tightened before the Bill comes into effect, the current scope would have a significant impact on global foreign-to-foreign transactions even where the UK is not considered a key jurisdiction. In a way, keeping the broad scope would arguably set the Bill apart from what could traditionally be considered ‘foreign direct investment’.

The governments call-in power also extends to the acquisition of a broad range of assets, including land and IP, although the government expects to intervene very rarely in such transactions, unless an asset is close to activities in the key sectors identified above.

The government’s call-in power can be exercised up to six months after they become aware of the transaction, with a long-stop date of 5 years from the trigger event. However, no long-stop date applies where the transaction is caught by the mandatory regime.

In order for parties to obtain certainty about a transaction that falls outside the mandatory regime but may otherwise be called-in, the Bill encourages parties to voluntarily notify transactions that involve a trigger event and which may raise a national security consideration.

Process of review

The Bill will remove the CMA from the review process and the national security assessments will be undertaken by a new Investment Security Unit, made up of 100 individuals within the Department for Business, Energy & Industrial Strategy (DBEIS), with the Secretary of State (SoS) making the final decision.

In order to improve certainty for parties, the Bill will streamline the process so that the SoS must, within 30 working days of accepting a notification, either issue a call-in notice or confirm that no further action will be taken. On issuing a call-in notice, the SoS will have a further 30 working days to review the transaction, which may be extended by a further 45 working days. Any extension beyond this will require agreement with the acquiring party.

At the conclusion of the review period, the SoS will be able to clear, impose conditions on or block a transaction.

Substantive review

The government’s Statement of Policy Intent identifies the risk factors that the SoS is expected to consider in the assessment, summarised as follows:

1. the target risk – i.e. the nature of the target and whether it is in an area of the economy where the government considers risks are more likely to arise, broadly split into three levels of risk:

1. core areas – headline sectors in which national security risks are more likely to arise and where mandatory notification applies.
2. core activities – primarily within the core areas, the SoS will identify specific activities where risks are most likely to arise.
3. the wider economy – trigger events occurring in the remaining areas of the economy are only expected to be called in by exception.
1. the trigger event risk – i.e. the type and level of control being acquired and how this could be used in practice. Examples include gaining control of a crucial supply chain or access to a sensitive site, as well as the risk of disruptive/destructive actions, espionage or inappropriate leverage.

1. the acquirer risk – i.e. the extent to which the acquirer raises national security concerns. This will be assessed on a case-by-case basis taking into account, among other things, the identity of the ultimate controller of the acquirer and their track record in other acquisitions/holdings.

Penalties for failure to notify

Transactions caught by the mandatory notification obligation but which are completed before receiving clearance will be legally void (although there will be a process by which the Secretary of State can retrospectively validate an otherwise void transaction).

Importantly, the new powers will be backed by both civil and criminal sanctions. Parties can be fined up to 5% of their worldwide turnover or £10m (whichever is higher) for non-compliance and individuals can face imprisonment for up to five years.

What next?

Although the Bill is not likely to come into effect before early 2021, it will provide retrospective powers to call-in any transaction with a trigger event that took place on or after 12 November 2020 (i.e., the day following the introduction to Parliament of the draft Bill).

The Enterprise Act 2002 will continue to apply during this interim period, but transactions taking place between 12 November 2020 and the date the Bill comes into effect risk being called-in for up to six months from when the Secretary of State becomes aware of them (or 6 months from the commencement date of the Bill if the Secretary of State is already aware of the transaction at the commencement date). Parties involved in such transaction will therefore need to be mindful of the new regime and can contact the new Investment Security Unit for informal advice (investment.screening@beis.gov.uk), if necessary.

The Bill highlights the balance that must be struck between the need to ensure the UK remains an attractive place to invest post-Brexit and the growing concerns around national security and hostile state actors. The tone that the government seeks to strike can perhaps be best summarised by the words of Alok Sharmer (Secretary of State for Business, Energy and Industrial Strategy) when he asserted that “the UK is very much open for business, but being open for business does not mean that we are open to exploitation”.

There is speculation that the wide scope of the Bill will invite a flood of notifications, raising concerns about the DBEIS’s capacity to make it work. The accompanying Impact Assessment estimates that 1,000 – 1,800 notifications will be made each year under the regime, with 70-95 being reviewed in-depth and 10 of these seeing remedies imposed; significant figures when you consider only 12 transactions have been reviewed on national security grounds since 2003 under the current regime.

The Bill is certainly bolder than most expected, increasing the likelihood of opposition and potentially material amendments being made before it enters into force. It will therefore be crucial for foreign investors to stay abreast of the evolving landscape in the UK to avoid the risk of substantial penalties under what will likely be a very broad regime.

This memorandum is a summary for general information and discussion only and may be considered an advertisement for certain purposes. It is not a full analysis of the matters presented, may not be relied upon as legal advice, and does not purport to represent the views of our clients or the Firm. Riccardo Celli, an O'Melveny partner licensed to practice law in the Capital Region of Brussels, the Law Society England & Wales, and Roma, Christian Peeters, an O'Melveny of counsel licensed to practice law in the Capital Region of Brussels and Germany, and Rebecca Evans, an O'Melveny associate licensed to practice law in the Law Society England & Wales, contributed to the content of this newsletter. The views expressed in this newsletter are the views of the authors except as otherwise noted.

© 2020 O’Melveny & Myers LLP. All Rights Reserved. Portions of this communication may contain attorney advertising. Prior results do not guarantee a similar outcome. Please direct all inquiries regarding New York’s Rules of Professional Conduct to O’Melveny & Myers LLP, Times Square Tower, 7 Times Square, New York, NY, 10036, T: +1 212 326 2000.